Cyber Security Analyst III

Job Summary Monitor information system activity, collect, review, and retain audit logs to include system logs and records and determine actions to be taken when discrepancies are detected.  -Collect and review audit data of network activity to support technical analysis relating to misuse, penetration reconstruction, or other security investigations.  Investigate and report actual or suspected information systems security incidents, events, or violations and report to the Cyber Security Manager. -Performs analyses to validate established security processes and recommend additional security steps to ensure compliance with applicable DOD IA requirements and baseline IA controls.  -Conduct network security vulnerability assessments using DoD provided scanning tools and liaison with network administrators to correct identified problems. -Review Information Assurance Vulnerability Alerts (IAVA) for applicability and impact to the range networks.  Ensure that all systems are patched and report compliance or problems in achieving compliance to the Cyber Security Manager. -Evaluate information systems for compliance with Defense Information Security Agency (DISA) Security Technical Implementation Guideline (STIG) and review measures needed to bring systems into compliance.  -Conduct vulnerability scanning for new information system deployment or systems temporary connected to CTTR enclaves to support training events or testing.  Ensure new information systems are configured in accordance with current DISA STIG's and DoD/DoN Directives. -Verify all Virus Signatures are kept up to date, and Automated and Manual Virus Scans are documented, scheduled and are being completed. React to and report actual or suspected events to the Cyber Security Manager. -Assist in evaluation of Information Systems for compliance with Government statutes, DoD 8500.2 IA Controls, DoD FISMA directives, policies and regulations. -Assist in the documentation, review, and assessment of RMF packages including SIP (System Identification Profiles, Scorecards, POA&Ms, Artifacts, and IA (Information Assurance) Controls. -Update/maintain a Plan of Action and Milestone (POA&M) and Risk Assessment Report (RAR) in order to track the resolution of vulnerabilities identified on systems. -Ensure IA requirements are identified and included in the design, acquisition, installation, operation, upgrade, or replacement of all Information Technology (IT) dependent systems. -Assist the Cyber Security Manager with the development of the IA related Procedures, and Work Instructions. -Attend IA security training as required to maintain and gain knowledge and skills of current IA issues. -Supports the Computer Systems Analyst to determine limitations of existing systems and performs duties as alternate System Administrator. -Position requires ability and commitment to provide coverage outside normal working hours or shifts in daily hours, as warranted, not to interfere with Range Operations. Perform all other position related duties as assigned or requested. Work Environment, Physical Demands, and Mental Demands: Typical office environment with no unusual hazards, occasional lifting to 20 pounds, constant sitting while using the computer terminal, constant use of sight abilities while reviewing documents, constant use of speech/hearing abilities for communication, constant mental alertness, must possess planning/organizing skills, and must be able to work under deadlines.  Routine travel to remote site facilities may be involved. Minimum Requirements Requires Bachelors Degree in an Information Technology related discipline (engineering, computer science, information systems, etc) plus 4 years of IT/IA experience or at least 8 years of experience in lieu of degree in a combination of IA Training, IT Certification and progressive work experience in the areas of:   -DoD Certification and Accreditation -Information System Security -Vulnerability Assessment and Mitigation -Network Administration -Risk Analysis -Network Security Auditing    Hands on experience in the following areas: -Lifecycle support of the DoD Certification and Accreditation (C&A) Process (DIACAP or RMF) -Managing C&A using Enterprise Mission Assurance Support Service (eMASS) -Conducting Network Vulnerability Scanning, Assessment and Mitigation -Security Event Correlation and Security Monitoring-Security Test and Evaluation (ST&E) procedures, coordination of security measures including analysis, periodic testing, evaluation and verification, risk analysis reporting and determining appropriate mitigation measures .-Securing Networks and Operating Systems (Cisco, Windows, and Linux) to Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) standards. -Host Based Security System (HBSS) Administration -Assured Compliance Assessment Solution (ACAS) Administration -Installation and monitoring of network IDS and firewalls such as Cisco PIX or other similar technologies.   Minimum Position Specific Training Required: -Must maintain DoD 8570.1 certification requirements for IAT-II (Security+ CE or approved college degree) -Requires documented training in the following areas, network infrastructure (Cisco), Microsoft Server Administration Host Based Security System Must possess and maintain an active DoD Secret clearance Must be a US Citizen Preferred Qualifications Risk Management Framework (RMF) Discipline HBSS Product Support ACAS Product Support ISC2 CISSP, or recognized equivalent 200738BR
Salary Range: NA
Minimum Qualification
Less than 5 years

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.